Tommaso Sardelli
cccbebc146
fix(refresh): avoid deadlock by moving connector refresh outside txn and adding per-token mutex
Previously, `updateRefreshToken` executed `refreshWithConnector` inside the
`UpdateRefreshToken` transaction. With SQL backends that enforce strict
connection limits (e.g. SQLite), this blocked the only available connection
while the connector call could indirectly trigger further storage access
(e.g. when using PasswordDB), causing the system to hang.
This patch moves connector refresh calls outside of the storage transaction
and introduces a per-refresh-ID mutex to ensure only one concurrent request
per token hits the external IdP. Other concurrent requests wait for the mutex
and reuse the updated identity.
Signed-off-by: Tommaso Sardelli <t.sardelli@datahow.ch>
7 months ago
Bob Maertz
ad31b5d6f7
Passing context storage (#3941)
Signed-off-by: Bob Maertz <1771054+bobmaertz@users.noreply.github.com>
1 year ago
Maksim Nabokikh
225660785c
Enrich Dex logs with real IP and request ID (#3661)
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
2 years ago
Sean Liao
0b6a78397e
use slog for structured logging (#3502)
Signed-off-by: Sean Liao <sean+git@liao.dev>
2 years ago
Romain Caire
8755308759
[RFC7662] Add introspect endpoint to introspect access & refresh token (#3404)
Signed-off-by: Romain Caire <super.cairos@gmail.com>
2 years ago
Sean Liao
dcf7b18510
OAuth 2.0 Token Exchange (#2806)
Signed-off-by: Sean Liao <sean+git@liao.dev>
Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>
3 years ago
Maksim Nabokikh
6d9ca8de49
fix: Do not use connector data from the refresh token field (#2729)
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
3 years ago
m.nabokikh
4b5f1d5289
fix: refresh token only once for all concurrent requests
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
4 years ago
m.nabokikh
ad89e01676
fix: log only errors on refreshing
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
4 years ago
Maksim Nabokikh
ca615f7ad7
Update server/refreshhandlers.go
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
4 years ago
m.nabokikh
578cb05f7b
fix: return invalid_grant error on claiming token of another client
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
4 years ago
m.nabokikh
9fad0602ec
fix: do not update offlinesession lastUsed field if refresh token was not change
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
Maksim Nabokikh
568fc06520
Update server/refreshhandlers.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
9340fee011
Fixes after rebasing to the actual main branch
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
89295a5b4a
More refresh token handler refactoring, more tests
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
4e73f39f57
Do not refresh id token claims if refresh token is allowed to reuse
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago
m.nabokikh
0c75ed12e2
Add refresh token expiration tests and some refactoring
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
5 years ago